• 🎓 Master in AI & Emerging Technologies student at FP Nador
• 🛠️ Software Engineer (FST Errachidia Alumnus)
• 🔒 Passionate about Offensive Security, Bug Bounties, and Penetration Testing
• 🛠️ I design and build automation tools for recon, exploitation, and reporting
• 🌱 Currently learning: Application Security (AppSec), Active Directory (AD) pentesting (starting), mobile pentesting (starting), and Django
• 💡 Building: a new Django project for authenticated vuln scanner/dashboard & internal tools
• 🚀 Open to internships and junior roles in Cybersecurity or Software Development

Web & API Security

• OWASP Top 10: XSS, SQLi, CSRF, IDOR, Broken Authentication, Misconfigurations, Sensitive Data Exposure ...
• API testing: JWT/bearer flaws, auth bypasses, rate-limit & logic abuses ...
• Server-side vulnerabilities: SSRF, template injection ...
• Auth/session attacks: brute force, session fixation, cookie misconfig, MFA bypass attempts ...
• Attack automation with Python scripts & safe PoCs ...

Manual + Automated Workflows

• Combining DAST with manual verification
• Secure code review: logic flaws, insecure APIs, backend/frontend vulnerabilities
• Fuzzing for web inputs & APIs

Web Tooling & Techniques

• Proxy-based testing (Burp/Caido)
• Authenticated testing + headless browser automation
• TLS/cert checks, CSP & header validation

Custom Tooling & Reporting

• Python tools for recon & structured outputs
• Professional reporting: reproducible PoCs, risk scoring, remediation guidance

• 🔎 Vulnerability Scanner Web App with Django (coming soon) – persistent scanner with editing/deleting of results, focused on automation and clear reporting
• 🕵️ Recon Automation Tool – Python-based recon framework with structured outputs for triage
• 🛠️ Django Project (In progress) – building a new Django app for authenticated dashboards & scan management